The present invention relates to computer network security. More 
particularly, this invention is related to fast table-lookup algorithms for 
multi-dimensional sequential data arrays for a broad range of applications. The 
applications may include a firewall, i.e., a combination of computer hardware and 
software for selectively accepting network data communications and rejecting 
unacceptable data transmissions to safeguard a computer network based on a 
predefined policy table. 



below 



b) On page [number illegible], lines 16 to 25, please amend the third paragraph as set forth below: 



Packet filters are typically configured in a "default permit or denial 
stance", i.e., that which is not expressly prohibited/permitted is permitted 
/prohibited. In order for a packet filter to prohibit potentially harmful traffic, it 
must know what the constituent packets of that traffic look like. However, it is 
virtually impossible to catalogue all the various types of potentially harmful 
packets and to distinguish them from benign packet traffic. The filtering function 
required to do so is too complex. Hence, while most packet filters may be 
effective in dealing with the most common types of network security threats, this 
methodology presents many chinks that an experienced hacker may exploit. The 
level of security afforded by packet filtering, therefore, leaves much to be 
desired. 



b) On page [number illegible], in lines 1 to 7, please amend the first paragraph as set forth below: 

In general, network firewalls employ filter rules or policies to police 
network communication. In such an implementation, a data packet is examined and 
checked against the filter policy rules. In essence, the policy lookup in the network 
firewall is to find an efficient way to map a five-dimensional space, DA, SA, DP, 
SP and protocol, to a one-dimensional policy space. Historically, most firewalls use 
linear search algorithms. These algorithms are very time consuming, with 
O(N) as the upper bound of the search time, and the search time increases 
linearly as the Policy List grows. 



d) On page 10, in lines 1 to 17, please amend the first paragraph as set forth 
below: 
Referring to Fig. 1 again, each entry of the policy table is assigned a policy 
entry counter ip = 1, 2, 3, ... N, according to an ascending sequential order 
starting from zero (step 135), where N is the total number of policy entries in the 
policy table. The process continues by assigning a policy entry counter ip to each 
table entry corresponding to every {SASN, DASN} pair in the source-destination 
address mapping table (SDAMT) and to each table entry corresponding to every {SPSN, DPSN} 
pair in the source-destination port mapping table (SDPMT) (step 140). All the 
table entries are initially registered as "unused" before the policy entry counter ip 
is entered in either the SDAMT or the SDPMT tables, and each table entry in 
either of these two tables is entered only with the first ip counter. Once a policy 
entry counter ip is entered for a table entry, that table entry in either the SDAMT 
or SDPMT tables is assigned one unique ip counter and will not be changed 
unless overwritten by another procedure when changes are made to the 
policy table. A mapping process is then carried out to transform from the four- 
dimensional space defined by four entries of ip in four tables, i.e., SDAMT and 
SDPMT, to another two-dimensional space represented by a policy mapping 
table (PMT) (step 145). 

e) On page 10, in lines 18 to page 11, line 1, please amend the second paragraph 
as set forth below: 



Referring to Figs. 5A to 5C for an example illustrating the mapping 
process to construct the policy-mapping table. Figs. 5A and 5B show the 
SDAMT and SDPMT entries at the time when the processes for constructing 
these two tables are completed for the policy entry counter ip = 4. For policy- 
entry counter ip = 1, examining Figs. 5A and 5B, there is only one combination, 
i.e., {1, 1}. An ip counter number, i.e., ip = 1, is entered into the slot {1, 1} of the 
policy mapping table (PMT). For ip = 2, there are possible combinations of {1, 2} 
and {2, 2}. An ip counter number, i.e., ip = 2, is entered into the slots {1, 2} and {2, 
2} of the policy mapping table (PMT). For ip = 3 there are possible combinations 
of {3, 1} and {3, 3}. An ip counter number, i.e., ip = 3, is entered into the slots {3, 1} 
and {3, 3} of the policy mapping table (PMT). For ip = 4, the possible 
combinations are {4, 2} and {4, 4}. An ip counter number, i.e., ip = 4, is entered 
into the slots {4, 2} and {4, 4} of the policy mapping table (PMT). The X-Y 
coordinates on the PMT table are therefore generated by combining the policy 
entry counters from the source-destination address mapping table (SDAMT) as 
the X-coordinate, and the policy entry counters from the source-destination port 
mapping table (SDPMT) as the Y-coordinate; for all policy entry counters ip = 1, 2, 
3, ..., N, a policy mapping table is formed. Two two-dimensional tables are 
thus mapped into a two-dimensional policy mapping table as illustrated in Fig. 
5C. 


f) On page 11, lines 3 to 122, please amend the second paragraph as set forth 
below: 

Referring back to Fig. 1 again, for the purpose of effectively conducting a 
"fast policy lookup" process, four "balanced binary trees" are structured (step 
150). These four binary trees are a source address tree, a destination address tree, 
a source-port tree and a destination-port tree. These balanced binary trees provide 
the benefit that the table-lookup processes can be completed more expeditiously 
because the processes are performed in a more structured, organized and 
balanced manner. The search time is reduced from O(N) for the unstructured 
array to O(ln N) when balanced binary trees are implemented. Suppose that 
there are N source and destination addresses and M source and destination ports; 
the process generally starts from a root represented by a source/destination 
address sequence number of N/2 and a source/destination port number of M/2. 
Each binary tree starts with a root N/2 or M/2, each having two branches carrying 
the source-destination address and port sequence numbers starting from [(N/2- 
1), (N/2+1)] and [(M/2-1), (M/2+1)] respectively. On receiving an incoming 
packet, the header of the packet is parsed to get the source/destination addresses 
and source/destination port numbers (step 155). These addresses and port numbers 
are then applied to travel down the four binary trees to find the 
source/destination address sequence numbers, i.e., SASN and DASN, and the 
source/destination port sequence numbers, i.e., SPSN and DPSN (step 160). Using 
the SASN and DASN as X-Y coordinates, a policy entry counter ip(A) is 
determined from the SDAMT as shown in Fig. 5A. Using the SPSN and 
DPSN as X-Y coordinates, a policy entry counter ip(P) is determined from the 
SDPMT as shown in Fig. 5B (step 165). These two policy entry counter 
numbers ip(A) and ip(P) are then used as X-Y coordinates to look up the final 
policy entry counter number from the policy mapping table as shown in Fig. 
5C (step 170). 
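The construction of the SDAMT, SDPMT and PMT in amended paragraphs d) and e) and the two-stage lookup of paragraph f) are shown below as an added worked example. This is editor-written illustration code, not code from the patent or its applicant, and it makes several assumptions of its own: each policy field is either one concrete value or the wildcard "*"; the protocol dimension is omitted; sequence numbers are assigned to the sorted distinct values of each field, with sequence number 0 reserved (by this example, not the patent) for any value that appears in no policy; and the balanced binary tree search is stood in for by bisect over a sorted list, which gives the same O(log N) lookup. The policy list and packet headers are constructed for the example. Because a slot is entered only with the first ip that reaches it, the example also carries a reference linear search and a helper that confirms the table lookup reproduces first-match semantics for a given set of packets.

```python
from bisect import bisect_left
from itertools import product
from typing import Dict, List, Optional, Tuple

ANY = "*"      # wildcard field (example convention)
OTHER = 0      # sequence number reserved here for values listed in no policy

Policy = Tuple[object, object, object, object, str]   # (SA, DA, SP, DP, action)


class SeqTree:
    """Maps a field value to its sequence number 1..N, or OTHER if unlisted.

    The patent walks a balanced binary tree (step 160); a sorted list searched
    with bisect is used here instead and has the same O(log N) cost.
    """

    def __init__(self, values):
        self.sorted = sorted(values)

    def seq(self, value) -> int:
        i = bisect_left(self.sorted, value)
        if i < len(self.sorted) and self.sorted[i] == value:
            return i + 1
        return OTHER

    def cover(self, field) -> List[int]:
        # Sequence numbers a policy field spans: every one for "*", else one.
        if field == ANY:
            return list(range(OTHER, len(self.sorted) + 1))
        return [self.seq(field)]


class PolicyLookup:
    def __init__(self, policies: List[Policy]):
        self.policies = policies
        # One tree per dimension: SA, DA, SP, DP (protocol omitted here).
        self.trees = [SeqTree({p[k] for p in policies if p[k] != ANY})
                      for k in range(4)]
        self.sdamt: Dict[Tuple[int, int], int] = {}   # {SASN, DASN} -> ip(A)
        self.sdpmt: Dict[Tuple[int, int], int] = {}   # {SPSN, DPSN} -> ip(P)
        self.pmt: Dict[Tuple[int, int], int] = {}     # {ip(A), ip(P)} -> ip
        sa_t, da_t, sp_t, dp_t = self.trees
        for ip, (sa, da, sp, dp, _action) in enumerate(policies, start=1):
            a_cells = list(product(sa_t.cover(sa), da_t.cover(da)))
            p_cells = list(product(sp_t.cover(sp), dp_t.cover(dp)))
            # Steps 135-140: a slot is entered only with the first ip to reach it.
            for cell in a_cells:
                self.sdamt.setdefault(cell, ip)
            for cell in p_cells:
                self.sdpmt.setdefault(cell, ip)
            # Step 145: every {ip(A), ip(P)} combination this policy can produce
            # becomes an X-Y slot of the PMT (cf. Figs. 5A to 5C).
            ip_a = {self.sdamt[cell] for cell in a_cells}
            ip_p = {self.sdpmt[cell] for cell in p_cells}
            for slot in product(ip_a, ip_p):
                self.pmt.setdefault(slot, ip)

    def lookup(self, sa, da, sp, dp) -> Optional[int]:
        """Steps 155-170: header -> sequence numbers -> ip(A), ip(P) -> ip."""
        sasn, dasn, spsn, dpsn = (t.seq(v) for t, v in
                                  zip(self.trees, (sa, da, sp, dp)))
        ip_a = self.sdamt.get((sasn, dasn))
        ip_p = self.sdpmt.get((spsn, dpsn))
        if ip_a is None or ip_p is None:
            return None
        return self.pmt.get((ip_a, ip_p))

    def linear_search(self, sa, da, sp, dp) -> Optional[int]:
        """Reference O(N) first-match scan over the Policy List."""
        for ip, (psa, pda, psp, pdp, _action) in enumerate(self.policies, start=1):
            if all(f == ANY or f == v
                   for f, v in ((psa, sa), (pda, da), (psp, sp), (pdp, dp))):
                return ip
        return None

    def action(self, ip: Optional[int]) -> Optional[str]:
        return None if ip is None else self.policies[ip - 1][4]


def agrees_with_linear_search(lk: PolicyLookup, packets) -> bool:
    """True when the table lookup matches first-match semantics for every packet."""
    return all(lk.lookup(*pkt) == lk.linear_search(*pkt) for pkt in packets)


# Constructed sample Policy List (not taken from the patent's figures).
POLICIES: List[Policy] = [
    ("10.0.0.5", "10.0.1.8", ANY, 22, "allow"),    # ip = 1
    ("10.0.0.5", ANY,        ANY, 80, "allow"),    # ip = 2
    (ANY,        "10.0.1.8", ANY, ANY, "deny"),    # ip = 3
    (ANY,        ANY,        ANY, ANY, "deny"),    # ip = 4, default
]
# Constructed packet headers: (SA, DA, SP, DP).
PACKETS = [
    ("10.0.0.5", "10.0.1.8", 44000, 22),
    ("10.0.0.5", "10.0.2.9", 44000, 80),
    ("10.0.0.5", "10.0.1.8", 5, 80),
    ("10.0.0.5", "10.0.2.9", 5, 22),
    ("192.168.1.1", "10.0.1.8", 5, 443),
    ("192.168.1.1", "10.0.2.9", 5, 80),
]

if __name__ == "__main__":
    lk = PolicyLookup(POLICIES)
    print("SDAMT:", lk.sdamt)
    print("SDPMT:", lk.sdpmt)
    print("PMT:  ", lk.pmt)
    for pkt in PACKETS:
        ip = lk.lookup(*pkt)
        print(pkt, "->", ip, lk.action(ip))
```

With this sample list, policy 2 produces the PMT slots {1, 2} and {2, 2}, the same pattern the amended paragraph describes for ip = 2 in Fig. 5C: its address cells are split between those already claimed by policy 1 and its own, while its port cell is its own. Per packet, the lookup is four bisect searches plus three dictionary reads, independent of the number of policies, whereas `linear_search` grows with the Policy List; running `agrees_with_linear_search` on representative traffic is the practical check that the tables built for a given list have not lost a match to an earlier policy that claimed a slot first.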



The computational complexity of policy lookup is reduced from O(n) to 
O(lg n), where n is the number of entries of the Policy List. 